We realize that you care how your information is processed and shared. We also believe it is important to you to know how we treat that information, and we appreciate your trust in us to do that carefully and sensibly.
GetResponse undertakes to process your Personal Information in accordance with all applicable privacy and data protection laws, regulations, frameworks and requirements (collectively, “Applicable Privacy Laws”), including the California Consumer Privacy Act of 2018 (the “CCPA”) applicable to Personal Information of customers defined therein; the Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (the “GDPR”) applicable to Processing that falls within the scope thereof and other Applicable Privacy Laws of the United States and other countries.
For the purpose of the CCPA, with respect to Personal Information of Customer GetResponse serves the role or the “business” (as defined by the CCPA); and with respect to Personal Information of Contacts we are the “service provider” (as defined by the CCPA). Accordingly, pursuant to the GDPR – we are either the “data controller” (as defined by the GDPR) as to Personal Information of Customer, and “data processor” (as defined by the GDPR) as to Personal Information of Contacts.
Unless stated otherwise, we process your Personal Information as a data controller/business in connection with your use of the Service or the Platform. As such, we determine the purposes and means of the processing of Personal Information.
For purposes of each agreement between you and GetResponse, Personal Information include data that identify you as a specific individual: i.e. your name, email address, phone number, geographical address, and/or company name and company address. This information is used to complete the Account details, process Customer information requests, verify the validity of such requests, and/or process payments solely for the Service that you have ordered.
GetResponse only collects Personal Information that you choose to provide voluntarily in connection with your subscribing to or otherwise using the Service. GetResponse will advise you regarding which information is required, and which information is not required.
When you visit the Website or use the Service, we receive and may collect two types of information: (1) Website Use Information (defined below) and cookies, and (2) Personal Information you knowingly choose to disclose, which is collected on an individual basis.
If you click on a link on the Website, it may redirect you to a third-party website, causing you to leave our Website. We are not responsible for the privacy practices of third-party sites, and we encourage you to read their privacy statements.
If you have an unresolved privacy or data use concern that we have not addressed satisfactorily, please contact our U.S.-based third party dispute resolution provider (free of charge) at https://feedback-form.truste.com/watchdog/request.
2. Special note about children
This Website is not intended for children, especially children under age of 13. Children may use this Website only with the direct supervision of their parent or other legal guardian. GetResponse does not knowingly collect information about, or target children under age of 13 to use the Website. If we learn that we have collected or received Personal Information from a minor, we will delete that Personal Information. If you believe we might have any information from or about a minor, please contact us at email@example.com please contact us through your dedicated Account Manager or this link: https://www.getresponse.com/feedback.html.
3. Customer Data Processing
GetResponse collects Personal Information from Users who visit the Website or subscribe to the Service. When a Customer subscribes to our Service, we require: (i) password, (ii) email address, (iii) first and last name, (iv) company or organization, (v) address, (vi) phone number, (vii) billing information. We may also ask Customers to provide additional personal information, such as (i) tax id number, (ii) industry, (iii) other company details, and (iv) personal details that the Customer may opt out of by not entering data when asked. We use the email addresses provided to us in the subscription process to communicate with our Customers. From time to time, GetResponse may contact you via email to notify you of changes to its Service, scheduled maintenance, information about GetResponse and promotional material from GetResponse. The Customer is obliged to update the data provided to us as soon as any change in that data occurs. We will retain and use your information for as long as needed to provide you the Service, comply with our legal obligations, resolve disputes, and enforce our agreements.
Provision of Personal Information in connection with your use of the Service is voluntary. Note, however, that the refusal to provide certain data may make it impossible for you to use all or part of the features of the Service.
Because our servers and operations are in the United States, the Personal Information and data that you provide to us (regarding you, your Contacts or otherwise) may be transferred to, collected, stored, or processed in the United States. We may also transfer that information or data to our affiliates, contractors or others, in the United States or elsewhere. In each case, we will do so only to the extent necessary to provide you the Service, comply with our legal obligations, resolve disputes, and enforce our agreements.
You expressly agree to indemnify, defend and hold harmless GetResponse from any and all losses, damages or liabilities, including but not limited to attorneys’ fees and related costs, that we incur as a result of or in connection with any breach of your commitments, obligations or representations hereunder.
Personal Information of Contacts
GetResponse recognizes the importance of respecting the privacy of Contacts who decide to entrust their information to our Customers, and we strive to safeguard the security of the information we receive about Contacts. GetResponse will never use that information to send any information other than as expressly provided by you, nor will we share it with or sell it to anyone else for such use.
Personal Data of EEA Contacts
Processing of personal data of Contacts located in the EEA may be outsourced by the Customer to GetResponse only where the Customer is the data controller (within the meaning of Article 4 item 7 of the GDPR) or where Customer processes personal data of Contacts on the basis of Article 28 of the GDPR.
GetResponse may process personal data of Contacts on instructions from the Customer within its capacity of data processor within the meaning of Article 4 item 8 of the GDPR. Processing of personal data of Contacts may be outsourced only to the extent necessary to ensure proper provision of the Service, and GetResponse will only delegate its responsibilities for processing personal data to entities from countries or sectors that ensure an adequate level of personal data protection.
4. Erasure of Processed Data
If you are our Customer, we store your Personal Information for the time during which you have an Account with our Service. When you deactivate your Account, we’ll store your Personal Information for 30 days for the sole purpose of enabling you to reactivate the Account. During that time, we’ll only store your data without any other processing activities subject to our other obligations or rights arising from applicable laws or public authority orders. After that time, we’ll delete your Personal Information from the main database, without the possibility to recover it. In the next 15 days, your Personal Information will be subject to encryption and stored in backup copies only. The said 15-day period is required to delete the Personal Information completely due to the specifics of the backup copy operations.
We’ll store the Personal Information of our newsletter subscribers or persons who have agreed to receive marketing content from us until they resign.
After expiration of the periods described above, your Personal Information will be erased, excluding the following data:
-Service usage history,
-and information about expressed consents.
We’ll store this data only for as long as we need to handle complaints and manage claims related to the use of the Service, and for as long as is required by tax and accounting regulations.
5. Sharing Information Regarding the Customers and Contacts
We reserve the right to disclose such Personal Information as required by law and when we believe that disclosure is necessary to protect our rights and/or comply with a judicial proceeding, Court order, or legal process served on GetResponse.
In certain situations, GetResponse may be required to disclose Personal Information in response to valid subpoenas or lawful requests by public authorities, including to meet national security or law enforcement requirements. For information regarding our Subpoena Policy, please click here.
We use third parties as necessary to provide the Service, such as a credit card processing company to bill the Customer for goods and services. When you sign up for the Service we will share your information with third parties as necessary to provide the Service.
These third parties are prohibited from using your Personal Information for promotional purposes.
If GetResponse is involved in a merger, acquisition, or sale of all or a portion of its assets, that include your Personal Information, you will be notified via email and/or a prominent notice on the Website of any change in ownership or use of your Personal Information, as well as any choices you may have regarding your personal information.
Customer’s Account information, username, password and profile are password-protected so that Customers have secure access to enter and edit personal data. It is the Customers’ responsibility to protect the security of their passwords. Access to the Service is protected by a unique username and password that is known to the Customer only. GetResponse has designed internal security processes that encrypt the Customer’s password to protect it from being divulged or accessed by anyone other than the Customer. Neither GetResponse employees nor any of its contractors is permitted to obtain or access your password. Neither GetResponse employees nor any of its contractors will ask you for your password via mail, email, telephone or in any other unsolicited manner.
7. Website Use Information
Our servers automatically collect Website Use Information, each time you visit the Website.
“Website Use Information” means and includes information ascertained or ascertainable by GetResponse regarding your usage of the Website, including (but not limited to) accessing domain names, operating systems in use (e.g. Macintosh, Windows), browsers (e.g. Mozilla Firefox, Internet Explorer) and version, the Website which referred you to us, and other similar information. This information may be aggregated to measure the number of visits, average time spent on the Website, pages viewed, time and date of visits, and other similar information. We may use and disclose Website Use Information, for example, to measure the use of the Website, improve the content, explain the utility of the Website and services we provide, and to extend their functionality.
As is true of most Websites, we gather certain information automatically and store it in log files. This information includes browser type, referring/exit pages, operating system, date/time stamp, and clickstream data.
We use this information to analyse trends, to administer the Website, to track Users’ movements around the Website and to gather demographic information about our User base as a whole.
Similar to other commercial websites, the technology called “cookies” may be used to provide you with tailored information. A cookie is a small piece of data that a website can send to your browser, which may then be stored on your hard drive, so we can recognize you when you return. You may be able to set your browser to notify you when you receive a cookie. Our cookies collect general information that enhances our ability to serve you and measure the utility of the Website. We do not link the information we store in cookies to any personal information you submit while on the Website.
Information we collect may be used to enhance your use of the Website, and to provide you with the Service, arrange the Website in the most customer friendly way, communicate special offers and featured items, and/or respond to your questions and suggestions.
We partner with a third party to either display advertising on our Website or to manage our advertising on other sites. Our third-party partners may use technologies such as cookies to gather information about your activities on this Website and other sites in order to provide you advertising based upon your browsing activities and interests. If you do not want information about your activities on the Website to be used to serve you interest-based ads on the Website, you may opt-out by clicking here. Please note this does not opt you out of being served ads. You will continue to receive generic ads.
8. Mailing Policy
When you accept to receive information about our services, promotions, newsletters, press releases, and/or new offers, we use your email address and any other information you give us to provide you with the information or other services, until you ask us to stop (using the ‘unsubscribe’ instructions provided with each email communication).
When you request information or other services from us, we use your email address and any other information you give us to provide you with the information or other services that you requested, until you ask us to stop (using the ‘unsubscribe’ instructions provided with each email, and/or on the site where you signed up, and/or as we otherwise provide), or until the information or service is no longer available.
9. Information Security
We believe that keeping personal information secure is one of our most significant responsibilities.
We restrict access to Personal Information about you to those employees and others who need to know that information to assist us in our business, or to provide products or services to you. We safeguard personal information, according to established security standards and procedures, by maintaining physical, electronic, and procedural safeguards for such personal data.
When we request Customers to enter sensitive information, such as credit card number, it is encrypted and protected using SSL technology and processed through a reputable payment processor. While on the secure page, the lock icon at the bottom of web browsers, e.g. Mozilla Firefox or Microsoft Internet Explorer, becomes locked, as opposed to unlocked or open, when you are just ‘surfing’ to indicate that the information being entered during that session is encrypted.
All of our Customers’ information, not just the sensitive information mentioned above, is restricted in our offices. Only employees who need the information to perform a specific job (e.g. our billing clerk or a Customer service representative) are personally granted access to sensitive information.
GetResponse stores its servers in a highly secure server environment, with surveillance and support to prevent unauthorized access and data security.
We cannot guarantee the security of your data while it is being transmitted over the Internet and through servers that are out of our control. We strive to protect your Personal Information but GetResponse cannot ensure or warrant the security of any information you transmit to the Website or Services. Any data transmissions you make over the Internet are done so at your own risk. Once we receive the data transmission, we make our best efforts to ensure its security and privacy on our systems.
Our blog is managed by a third-party application that may require you to register to post a comment. We do not have access or control of the information posted to the blog. You will need to contact or login into the third-party application if you want your Personal Information that was posted to the comments section removed. To learn how the third blog party application uses your information, please review their privacy statement.
Facebook Connect or another OpenID provider
You can log in to the Website using sign-in services such as Facebook Connect or an Open ID provider. These services will authenticate your identity and provide you the option to share certain Personal Information with us such as your name and email address to pre-populate our sign-up form. Services like Facebook Connect give you the option to post information about your activities on the Website to your profile page to share with others within your network.
Social Media Widgets
We post Customers’ testimonials/reviews on the Website which may contain personal information. We do obtain the Customer’s consent via email prior to posting the testimonial/review to post their name along with their testimonial/review. If you wish to update or delete your testimonial, you can contact us by your dedicated Account Manager or using our feedback form.
10. View, Change or Remove Information
Upon request GetResponse will provide you with information about whether we hold any of your personal information. You may change or delete your profile information at any time by going to your profile page and clicking “My Account” or “Manage Account” option from the menu, and then updating the existing information. Please contact us by your dedicated Account Manager or using our feedback form if you need assistance in updating or reviewing your information.
11. Specific provisions required by the California Consumer Privacy Act of 2018 (the “CCPA”)
List of categories GetResponse has collected about customers, governed by the CCPA, in the last twelve (12) months:
|A. Identifiers.||A real name, alias, postal address, unique personal identifier, online identifier, Internet Protocol address, email address, account name, Social Security number, driver’s license number, passport number, or other similar identifiers.||yes|
|B. Personal Information categories listed in the California Customer Records statute (Cal. Civ. Code § 1798.80(e)).||A name, signature, Social Security number, physical characteristics or description, address, telephone number, passport number, driver’s license or state identification card number, insurance policy number, education, employment, employment history, bank account number, credit card number, debit card number, or any other financial information, medical information, or health insurance information.Some personal information included in this category may overlap with other categories.||yes|
|C. Protected classification characteristics under California or federal law.||Age (40 years or older), race, color, ancestry, national origin, citizenship, religion or creed, marital status, medical condition, physical or mental disability, sex (including gender, gender identity, gender expression, pregnancy or childbirth and related medical conditions), sexual orientation, veteran or military status, genetic information (including familial genetic information).||no|
|D. Commercial information.||Records of personal property, products or services purchased, obtained, or considered, or other purchasing or consuming histories or tendencies.||yes|
|E. Biometric information.||Genetic, physiological, behavioral, and biological characteristics, or activity patterns used to extract a template or other identifier or identifying information, such as, fingerprints, faceprints, and voiceprints, iris or retina scans, keystroke, gait, or other physical patterns, and sleep, health, or exercise data.||yes|
|F. Internet or other similar network activity.||Browsing history, search history, information on a consumer’s interaction with a website, application, or advertisement.||yes|
|G. Geolocation data.||Physical location or movements.||yes|
|H. Sensory data.||Audio, electronic, visual, thermal, olfactory, or similar information.||yes|
|I. Professional or employment-related information.||Current or past job history or performance evaluations.||no|
|J. Non-public education information (per the Family Educational Rights and Privacy Act (20 U.S.C. Section 1232g, 34 C.F.R. Part 99)).||Education records directly related to a student maintained by an educational institution or party acting on its behalf, such as grades, transcripts, class lists, student schedules, student identification codes, student financial information, or student disciplinary records.||no|
|K. Inferences drawn from other Personal Information.||Profile reflecting a person’s preferences, characteristics, psychological trends, predispositions, behavior, attitudes, intelligence, abilities, and aptitudes.||yes|
Why do we process your Personal Information? The business and commercial purpose for collecting Personal Information (as required by the CCPA)
1. To provide the Service or Platform
We Process your Personal Information because it is necessary to enable you to use our Service or Platform. In other words, we need to Process your Personal Information to enable you to sign up as our Customer or order our materials as our User. Otherwise, we wouldn’t be able to provide the Service or enable you to use the Platform. Thus, your Personal Information needs to be Processed, so we may perform the contract and provide our services.
2. For legitimate business interests
We Process your Personal Information for our legitimate business interest (Art. 6.1(f) of the GDPR):
For analytical purposes. We believe we have a legitimate interest in analyzing Service and Platform operations and Customer and User satisfaction. We consider processing this data beneficial to Customers and Users. Our aim is to constantly develop the Platform and to provide the Service of the highest quality of the Service.
To exercise legal claims. We believe we have a legitimate interest in processing your Data if it’s necessary to exercise claims concerning the use of the Service or the Platform that’s unlawful or incompatible with the Terms of Service or to defend ourselves against such claims.
To answer your queries. We believe we have a legitimate interest in replying to petitions and queries made through one of the available channels. We consider processing this Data beneficial for you because it allows us to help you and respond to your queries.
To conduct customer satisfaction surveys. We believe we have a legitimate interest in verifying if our Customers and Users are satisfied and what would help us improve the quality of the Service and the Platform.
To prevent fraud and abuse. We believe we have a legitimate interest in conducting necessary verification to detect and prevent potential fraud and abuse, including spam detection. We understand processing this Data is beneficial for all parties involved, especially for you and your subscribers, because it allows us to set up precautions, protecting you and your subscribers against third parties sending malicious software or attempting fraud.
3. To send you marketing communication.
This processing is based on your consent, consistent with Art. 6. sec. 1(a) of GDPR.
4. For marketing purposes including creating your profile
The legal basis for processing your Personal Information are legitimate interests of GetResponse under Art. 6 sec. 1 (f) GDPR. We have a legitimate interest in analyzing how our Customers and Users use our Service and Platform, to improve and expand our customer base. Users of the Platform who have expressed their interest in receiving marketing communication to their email address give us their free, specific, informed, and unambiguous consent. Hence, we have inferred that they would have a reasonable expectation to receive such communication. At the same time, they expect that the communication we will send should be consistent with their interests. Personalized marketing communication allows our Customers to use our Service more effectively and benefit from our attractive offers. For profiling, we use only the Data our Customers or Users provide us with or the Data concerning their activity within the Platform or Service. We’re only interested in what you do on our Platform or when you use our Service, and not what you do on other websites. That’s why we decided that our interests are justified, legitimate, and at the same time, they don’t violate the rights or freedoms of our Users or Customers, which may override them.
In the last twelve (12) months, GetResponse has disclosed the following categories of Personal Information of Customers governed by the CCPA, for a business purpose (as defined by the CCPA): Identifiers, Personal Information categories listed in the California Customer Records statute (Cal. Civ. Code § 1798.80(e)), Commercial information, Internet or other similar network activity, Geolocation data.
Your rights. You have control over your Personal Information.
We make sure that our Customers and Users can exercise their rights concerning their Personal Information. You may exercise your rights by filing a demand to the following email address: firstname.lastname@example.org, you can also contact us via form available here https://www.getresponse.com/features/support or via email email@example.com
All you need to do is to inform us about the reason for your motion and the right you want to exercise. If you have an Account in the Service, you can exercise some of your rights directly after you log in to your Account. Please remember that if you change your settings in the Account, we may need up to three (3) hours to apply the changes into our systems due to technical reasons. This explains why during that time you may still be receiving emails from our system while it is updating your settings.
Please be informed that any disclosures we provide will only cover the 12-month period preceding your verifiable request’s receipt. For data portability requests, we will select a format to provide personal information that should allow you to transmit the information from one entity to another entity without hindrance, specifically by electronic mail communication.
Very often we act as a data processor/service provider of Personal Information. This is mainly the case of processing of Personal Information of Contacts on behalf of our Customers using our Service. In such cases, if you are a Contact and want to exercise your data protection rights or have any questions about how your Personal Information is handled by us as a data processor/service provider, you should contact your data controller/business covered by the CCPA, who the Customer who has decided to entrust us with your Personal Information. You should also refer to separate privacy policies adopted by such Customer.
1. Right of Disclosure or Access
You have the right to access Personal Information about you that we hold, and the right to request disclosure of your Personal Information we possess, receive additional details regarding your Personal Information we collect and its use purpose, including any third party with which we share it.
If you have an Account with the Service, you can directly access your Personal Information you have provided at all times, after logging into your Account. You can also file a request by sending an e-mail to firstname.lastname@example.org.
You are also able to correct or amend your Personal Information where it is inaccurate or has been processed in violation of the data protection laws.
You can do it yourself in your Account or ask us to correct or amend your Personal Information by sending an e-mail request to email@example.com.
If you a California resident, and the CCPA applies to you, you can also contact us via form available here or via email firstname.lastname@example.org
2. Right to Deletion
You have the right to deletion of Personal Information we have collected. We’ll treat your demand to erase all your Personal Information as a demand to delete your Account.
We will keep some of your Personal Information despite the demand to erase it if it’s necessary for complying with legal obligations, detect security incident, exercise a legal rights, establishing, pursuing, or defending a claim, or otherwise as specified by applicable law. It especially refers to Personal Information concerning your name, surname, email address, and the Platform or Service use history, which we keep being able to address complaints and claims connected to the Platform or use of the Service.
3. Right of Personal Information Portability
In response to a request for disclosure, we must provide Personal Information in a readily useable format to enable you to transmit the Information from us to another entity without hindrance. We will send your Personal Information in a .CSV format. This format is commonly used and machine-readable and enables the transmission of your Personal Information to another entity.
4. Choice Principle (Opt out)
We offer you the opportunity to choose (opt out) whether your Personal Information is
– to be disclosed to a third party, or
-to be used for a purpose that is materially different from the purpose(s) for which it was originally collected or subsequently authorized by you.
You may request an opt out from:
-processing your email address to send you our marketing communication to your email address,
-collecting your data by cookies. Read more in the Cookies Policy.
Your opt out request is effective upon execution, and it does not affect the lawfulness of the earlier processing. You can always opt out without detriment. It may, however, render you unable to use some of the features of the Platform or the Services which we may legally render only with your consent (e.g., receiving the newsletter on the new updates in our Resources).
You may opt out in one of the following ways:
-by clicking “unsubscribe” in the email you received,
– as described in section “General” above
In any time, we will not discriminate against you for exercising any of your CCPA rights. According to that, unless permitted by the CCPA, we will not:
-Deny you goods or services.
-Charge you different prices or rates for goods or services, including through granting discounts or other benefits, or imposing penalties.
-Provide you a different level or quality of goods or services.
-Suggest that you may receive a different price or rate for goods or services or a different level or quality of goods or services.
However, we may offer you certain financial incentives permitted by the CCPA that can result in different prices, rates, or quality levels. Any CCPA-permitted financial incentive we offer will reasonably relate to your personal information’s value and contain written terms that describe the program’s material aspects. Participation in a financial incentive program requires your prior opt in consent, which you may revoke at any time.
12. Other Terms
If, however, we make material changes or GetResponse is going to use Users’ personal information in a manner different from that stated at the time of collection we will notify Users via the Website prior to the change becoming effective. Users will have a choice as to whether or not we use their information in this different manner. However, if Users have opted out of all communication with the Website, or deleted their Account, then they will not be contacted, nor will their personal information be used in this new manner.
Information posted by Users in online blog updates, public forums, or online bulletin boards may be displayed on the Website.
“Effective Date”: 01/07/2020